search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.83k stars 9.18k forks source link

[Bug]: Macie Classification Job cannot be destroyed if the status is completed #27242

Open abarkat99 opened 2 years ago

abarkat99 commented 2 years ago

Terraform Core Version

1.3.0

AWS Provider Version

4.12.1

Affected Resource(s)

aws_macie2_classification_job

Expected Behavior

When running destroy for a classification job whose status is "Complete" the job should get removed from the state.

Actual Behavior

Terraform tries to update the status of the Job to "Cancelled" and errors out.

Relevant Error/Panic Output Snippet

error deleting Macie ClassificationJob (REDACTED): ValidationException: Input validation failed, cannot update completed job for job: arn:aws:macie2:us-west-2:REDACTED:classification-job/REDACTED

Terraform Configuration Files

resource "aws_macie2_classification_job" "main" {
  name        = var.name
  description = var.description
  job_type    = "ONE_TIME"
  initial_run = false

  s3_job_definition {
    bucket_definitions {
      account_id = var.account_id
      buckets    = var.buckets
    }
  }
}

Steps to Reproduce

  1. Run terraform apply
  2. Wait for job to be completed
  3. Run terraform destroy

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No response

github-actions[bot] commented 2 years ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

dcloud9 commented 3 months ago

I think this is default behaviour of a job_type = ONE_TIME job type. Even in AWS console no way to delete both ONE_TIME and SCHEDULED jobs. Workaround for me is to use apply -replace <resource-job> to cancel the previous job and create a new job. I use name_prefix to generate random/unique job names.